[Bro] troubleshooting bro memory usage?
seth at icir.org
Sat Aug 10 08:19:40 PDT 2013
On Aug 9, 2013, at 3:30 PM, aaron gee-clough <lists at g-clef.net> wrote:
> Is there a way to disable this caching? (or have I mis-understood what
> bro's doing with DNS?)
That's unrelated. It's referring to DNS lookup requests happening at script land. We ran into a case once where someone had written a script that did two reverse hostname lookups for every connection that was established (don't do this, it's *really* not a good idea). Although I should point out that their Bro cluster was running quite well even in the face of that, but I don't think their DNS resolver was very happy about it. :)
In general, monitoring in front of a DNS resolver should be just fine.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130810/1fabeadc/attachment.bin
More information about the Bro